On 28.4.2013 19:50, Jakub Hrozek wrote:
> >get a single machine to be able to perform any update, and have this as
> >one of the entries in my "bind update policy":
> >grant SERVICE\047foreman.collmedia....@collmedia.net wildcard * ANY;
String "SERVICE/ipaserver.example....@example.com" in the example is full
principal name including Kerberos REALM. The string "SERVICE" has to be
replaced with real service name.
Everything is case sensitive!
See http://www.zytrax.com/tech/survival/kerberos.html#terminology for some
Your zone update policy should include something like "grant
host/\047foreman.collmedia....@collmedia.net wildcard * ANY;"
This example contains an error: Character '/' in principal name has be to
replaced with "\047". The corrected example is:
"grant host\047foreman.collmedia....@collmedia.net wildcard * ANY;"
Freeipa-users mailing list